HUB International. Security Risk Management Services

Transcription

1 HUB International Security Risk Management Services Prepared by: Hart S. Brown, CORP, CBCP, LPQ Vice President, Practice Leader Organizational Resilience HUB International Risk Services

2 Table of Contents Executive Summary.. 3 HUB International. 4 Risk Services 5 Security Risk Management Services 6 Client Commitment 12 HUB Biographies 13 Legal Notice All consulting services performed by HUB are advisory in nature. All resultant report is based upon conditions and practices observed by HUB and information supplied by the client. Any such reports may not identify or contemplate all unsafe conditions and practices; others may exist. HUB does not imply, guarantee or warrant the safety of any of the client s properties or operations or that the client or any such properties or operations are in compliance with all federal, state or local laws, codes, statutes, ordinances, standards or recommendations. The advice and recommendations submitted in this plan constitute neither a warranty of future results nor an assurance against risk. All decisions in connection with the implementation, if any, of any of HUB s advice or recommendations shall be the sole responsibility of, and made by, the client. Page 2

3 Executive Summary HUB International offers security risk management services to selected clients and family offices. As an introduction to these services, we are pleased to present the details of the security risk management capabilities in the pages that follow. The information will serve to familiarize your team with the types of assistance that we believe will be of value to you and your clients. The services can be developed and delivered as a package or individualized and tailored to meet specific and individual requests as each service type is designed to be flexible and adaptable to the needs of the client. All services will be proposed at an agreed-to cost structure and billed at completion. Additional information can be found: HUB Crisis Management Website - HUB Cyber Risk Website - HUB Personal Insurance Website - HUB Family Office Website Page 3

4 HUB International Headquartered in Chicago, IL, HUB International Limited is a leading global insurance brokerage that provides a broad array of property and casualty, life and health, employee benefits, investment and risk management products and services from offices located throughout North America. HUB International has more than 8,800 employees in more than 350 offices. Since 1998, HUB has focused on developing innovative risk management solutions for leading family office organizations ad high net worth clients. By combining our broad range of products with expert advice, our clients are assured we will deliver a complete risk solution with the level of service they deserve. Accomplished risk services consultants with an average of more than 20 years experience. Security expertise in more than 50 countries worldwide. Geographic reach in offering clients regional expertise and solutions throughout North America and internationally. High net worth specialty practices that offer expertise in risk solutions for aircraft, watercraft, equine, farms and ranches. Fine art and collectibles team specializing in cultural institutions, galleries and significant individual collections. Flexible service platform that meets the specific risk management needs of each high net worth individual or family. Strategic Locations HUB International is structured around large regional hubs with satellite offices strategically located throughout North America. Our geographic footprint includes more than 350 offices. The diversified and localized presence provides a significant competitive advantage. Personal service, individual attention and the ability to respond quickly to client needs. We are able to provide local representation to high net worth individuals and families almost anywhere within North America. Internationally, we can support clients directly or through partner service providers. Page 4

5 Risk Services The HUB Risk Services is based out of our headquarters in Chicago, Illinois and offers tailored solutions to clients with consultants located strategically North America. Our team of nearly 100 risk consultants has the proven knowledge and experience to assist in identifying current/potential risks and implementing controls to reduce exposure to loss, as well as partnering with our clients to create claims management processes and address claim issues should they occur. This experience and geographic reach creates a large number of core services, but still allows our local team members to be responsive to individual needs, providing custom solutions to address specific risks. Based on the needs of our clients, our risk team can provide services around the globe directly or through local partnerships. HUB maintains a flexible approach to connect our clients with the specific HUB Risk Services team member that can best fulfill your goals and objectives. Our team members include: Security professionals Crisis management professionals Cyber risk management professionals Board-certified safety professionals Certified risk managers Certified construction risk specialists Environmental risk managers Property protection specialists Former corporate directors General liability experts Emergency response professionals Fire protection / professional engineers HUB International specializes in a wide variety of risk services products and consultancy. Because we serve both commercial and private clients, we can offer solutions that are properly scaled to meet your specific needs. High Net Worth/Family office risk management Security risk management Crisis management Property risk engineering Safety & environmental management Transportation risk management Construction safety management Industrial Hygiene Travel risk management Cyber risk management Enterprise risk management Business continuity management Emergency management Entertainment risk management Environmental management Claims management Page 5

6 HUB Security Risk Management HUB Security Risk Management Services 24/7/365 Access to Security and Crisis Advisory Services Subscribing members have access to security advisory services on a 24/7/365 basis applicable anywhere in the world. The basic service includes two assistance calls per year. Assistance thereafter is at a cost of $60 per call. These advisory services include: Threat assessments Preventive security recommendations Security response processes and procedures Coordination with local security or crisis response services Coordination with insurance carrier provided crisis services Specialized Identity Theft Protection Identity theft protection guides, monitors, protects, and restores client identities. Specific services include cyber concierge services, consulting services, proactive third-party inquiries, breach response and remediation as well as focused monitoring and resolution services. Background Checks (US and Canada) The background check service is provided to clients to review both the professional and personal history of a new or existing employee. The investigation includes criminal history, credit history and employment history in order to reduce risk and assess suitability. Cyber Activity Risk Assessment The cyber risk activity assessment reviews how data is accessed and shared in order to determine the potential exposure of private information. The results can be reviewed to establish an overall risk exposure. The assessment includes: Physical protection of devices File storage Online activity Mobile device procedures protection Social media usage Travel Page 6

7 International Background Checks International background checks can be an important part of a thorough, comprehensive background check. It is recommended that international criminal checks be conducted when considering applicants from abroad or applicants who have recently come from overseas. In addition, international background checks should be considered for U.S. citizens who have worked or been educated abroad and foreign nationals for a position in their home country. Employee Personality/Suitability Assessments The employee personality or suitability assessment ensures an appropriate match for a potential position. It is comprised of a series of questions that are administered online and in multiple languages to determine an individual s personality and behavioral style. The profile is electronically scored creating a profile report assessing honesty and integrity, as well as the propensity to steal, use drugs, lie, exhibit hostility, or have an entitlement mentality. Investigative Services HUB is able to coordinate investigations and due diligence services virtually anywhere in the world, through its networks of partnerships in more than 200 cities worldwide. Investigations can include potential business partners, customers, suppliers, licensees/agents, distributors, potential joint-venture partners, subsidiaries or merger and acquisition candidates. HUB can facilitate local resources to limit potential risk and establish due diligence in decision-making processes. Online Reputation Assessment Reputation can be considered an asset and the protection of a person s online presence and reputation may be considered for personal preferences, security reasons, financial reasons or due to professional requirements. A scan to determine the types of information that are easily identifiable and attributable will be conducted on open records, news outlets, professional publications, blogs and social media platforms. The results will be reviewed and various security and reputational management options and recommendation will be proposed for consideration. Page 7

8 Cyber Security Assessment The cyber security assessment combines a cyber-health check with an independent, objective review of your personal and organization s security and privacy practices. A remote scan of your perimeter network devices such as firewalls, web servers, servers, etc. will be conducted to mitigate vulnerabilities and stave off potential attacks. Property Security Assessment The property security assessment is comprised of two parts, a threat assessment and a vulnerability assessment. The threat assessment is conducted to assess the potential of specific security related incidents. The vulnerability assessment is a systematic evaluation to detect security gaps in the current physical security system. This includes crime prevention through environmental design (CPTED) factors. It is used to determine the effectiveness of countermeasures in protecting specific property types from specific aggressors. This service is applicable for a residence, watercraft, aircraft and assets such as jewelry, art, antiques, guns or other valuable possessions and includes a review of: Historical security events Crime trends Risk factors Qualitative threat assessment Day and night evaluations Intrusion detection Alarm assessment CCTV systems Entry control Delay mechanisms Personal Security Awareness Training Personal security awareness training provides individuals with the foundation on gaining knowledge of crime as a process, improving situational awareness of surroundings, providing effective crime avoidance strategies and reinforcing the importance of obeying intuition. Developing and strengthening security awareness techniques can help ensure individuals have an understanding of family expectations, as well as company security procedures and best practices. This includes: Indicators of crime Recognizing surveillance Recognizing indicators of violence Conflict de-escalation Driving security Safety in elevators, parking lots, walking areas Hotel selection and travel safety Immediate response actions to take Assistance with Coordinating Security Services Assisting and coordinating security services includes supporting alarm systems, security drivers, executive protection personnel and crisis response services. HUB experts can recommend security organizations that have met standardized security operating standards and can assist in defining actions to be taken to increase security arrangements if the threat or their exposure changes. These services can be coordinated for special events, while traveling or as a per client request basis. Page 8

9 Threat of Violence Consultation Security consultation can give direction and support before, during, and after threatening situations and include the use of behavioral health professional, as needed. Threat of violence consultation is designed to create an organized and sequential approach to threat management. Immediate response Threat assessment Defusing actions Travel Briefs The HUB travel brief provides guidelines to minimize risks, costs and the impact of a potential incident while traveling. This brief is specific to a location and provides insight on security, natural hazards and medical risks. This includes: Destination or location overview Tailored risk assessments Latest crime information Advice on how to avoid becoming a victim Natural hazards (earthquakes, floods, storms, etc.) Local health concerns (vaccinations, things to avoid) Recommended hospital in the area Emergency contacts Protective Intelligence Updates Protective intelligence services are offered as a way to maintain up-to-date information on specific incidents impacting individuals worldwide. These intelligence updates can be distributed electronically to clients using the best information and analysis available in order to deliver appropriate advice and recommendations. The updates are designed to provide timely, actionable products that assist in mitigating safety and security risks. In addition, clients can make requests and inquiries regarding specific incidents or locations. Kidnap, Ransom/Extortion Response Services Kidnap/extortion response services provide advice on creating preparatory response plans, as well as advocating for the client as part of a crisis response. Response plans focus on immediate actions and response procedures that can be applied to any individual that may encounter this type of situation worldwide. The plan includes the following: Response priorities Incident assessments and escalation steps Domestic and international incidents evaluation Communications with authorities Response team appointments Communicator responsibilities Working with an advisor guidance Information and physical security assessment Kidnap stages and preparations Financial aspects of a kidnap Page 9

10 Evacuation Planning and Response Coordination Evacuation from a security or medical crisis can become difficult to manage. The evacuation support services provide coordination for the emergency evacuation of clients, dependents and other travelers in situations where it is no longer safe to remain in the location. The services include guidance to conduct of an evacuation, and operations and implementation procedures including: Incident coordination Indicators, triggers, security levels Evacuation preparation and warning Decision to evacuate process Conduct of the evacuation Evacuation procedure checklists Property Risk Assessment HUB Property Risk Consultants partner with our clients to understand their goals, objectives and challenges, as well as develop/implement property risk solutions that identify and minimize risk. The property risk assessment is designed to assess hazardous events and guidance on how to mitigate damage. This can include new residences, renovation/construction at a current residence and other larger assets. Property audits and reviews Natural hazard assessments Fire evaluation Property replacement costs calculations Property construction assessment Staff and employee training Emergency response planning Environmental compliance review Disaster Planning and Response Coordination Thoughtful preparation and planning pre-disaster can make a difference in mitigating potential negative consequences. HUB can assist in developing a response plan, as well as coordinating necessary support during a response. A disaster plan can be developed through the evaluation of hazards that are inherent near the location and addresses how to manage a potential incident. The plan should facilitate actions through pre-determined guidelines during and after the incident. The plans can include: Contacting emergency services Description of potential hazards Emergency evacuation or shelter in-place Accountability and communication Fire response procedures Severe weather response procedures Bomb threat response procedures Medical and rescue coordination Page 10

11 Electronic Countermeasures Assessment As there can be concerns related to the confidentiality of high level conversations, HUB can facilitate an electronic countermeasures assessment or sweep to minimize the potential for listening devices and electronic surveillance. The assessments and equipment that can be used are designed to detect, disrupt and/or defeat sophisticated electronic information gathering measures. These assessments can be done on a regular basis, based upon a change in the security environment or upon request. Lifestyle Assessment The lifestyle assessment is designed to identify potential risks presented to the client and evaluate mitigation strategies. Through discussions or a questionnaire, the discovery process is intended to capture as much information about the status, existing functionality and desired direction regarding a client s security risk management approach. Key deliverables for the lifestyle assessment reports include: Security profile Travel profile Activity profile Crisis Counseling Crisis counseling is available for those faced with a traumatic event or other situation where there is a need for psychological crisis support. Services normally begin with a short phone call between the counselor and a representative of the family and then potentially an on-site visit. Once engaged, individuals can call 24/7/365 and speak to a trained counselor on a completely anonymous and secure line. Counseling can be conducted: One-to-One Small groups Families Page 11

12 Client Commitment The HUB Advantage Our global resources and local relationships create world-class results for clients. With offices across North America, we are uniquely positioned to tailor solutions to meet local needs. Doing business with HUB means you can be assured that we will deliver constant innovation, integrity, and partnership. This discipline keeps us focused on providing advanced risk management services to all of our clients. HUB is the premiere resource for protecting and preserving personal, family and estate assets. As a trusted advisor, HUB is committed to help you manage risk and achieve your professional and personal goals. Our risk services division offers highly trained, experienced professionals who provide expert guidance and customized risk management solutions. HUB International s service philosophy is the driving force behind our culture. It is a business philosophy that says, Our Client Always Comes First. It means client-centric services, upholding the highest standards of ethical conduct, integrity, expertise, communication and responsiveness. Page 12

13 Biographies HART S. BROWN, CORP, CBCP, LPQ Senior Vice President - Organizational Resilience, Risk Services Division Hart Brown brings 20 years of experience in security, crisis management, emergency management, and business continuity to HUB International, currently serving as the Vice President and Practice Leader of Organizational Resilience in the Risk Services Division. Hart is an internationally recognized thought leader and has worked for several of the US Government s top agencies as well as leading private companies. He has served as a consultant, media contributor, conference presenter and author on crisis management issues. Prior to HUB, Mr. Brown was responsible for the security & crisis management for a multi-national retailer. His responsibilities included establishing market risk profiles, protective intelligence, executive protection, travel risk management and supply chain security for the company s global expansion. He conducted training & exercises, and managed crisis, business continuity, security events for the organization. As the crisis team leader, he designed the corporate critical incident management program and created specialized response plans for incidents of workplace violence and kidnapping and extortion. Formerly, Hart worked with the US Department of State, Diplomatic Security Service, Anti-Terrorism Assistance Program where he assisted partner countries in enhancing national level services related to critical incident management, vital infrastructure security, diplomatic protection, interdicting terrorist activity, response to hazardous materials incidents and hospital based management for mass casualty events. This includes supporting major global events such as the World Cup in South Africa and the APEC conference in Peru. In previous roles, Hart was instrumental in developing various crisis and security management plans for large corporations, universities and non-governmental organizations as a senior consultant for International SOS. In 2002, he provided leadership in security management, threat assessments and executive protection with WorldCom during one of the largest bankruptcies in US history. In 1998 using statistical methods he developed to evaluate the potential for targeted violence, Hart created the foundation for the US National Threat and Risk Assessment Program under the US Department of Justice. Hart was a co- author of the 2014 ANSI/ASIS SPC.2 standard on Auditing Management Systems for Risk, Resilience, Security and Continuity Management. He has received an Award of Appreciation from President George W. Bush for providing security and crisis management services during a government transition in the Middle East, as well as awards of appreciation from 12 host countries for his role in safety and security management. He is well published on the topics of security, travel risk management, kidnap response planning, threat assessments, workplace violence, business continuity, and crisis management, and is a regular presenter at industry conferences. Hart is a Board Certified Organizational Resilience Professional, Business Continuity Professional and Loss Prevention. He is the Vice Chair of the ASIS International Crisis Management & Business Continuity Council and is a member of the Chief Security Officer (CSO) Roundtable where he sits on the Nominating & Governance committee. Other government and industry associations include the Domestic Security Advisory Council, Overseas Security Advisory Council, FBI Infragard, the DHS Fusion Center, the Loss Prevention Foundation and the Security Executives Roundtable. He is a graduate of Texas A&M University with a Bachelor of Science degree in Radiological Health Engineering (Nuclear Engineering/Medicine) and a Masters of Science in Safety Engineering. In addition, he is a graduate of the Federal Bureau of Investigation Domestic Security Executive Academy. Page 13

14 JOHN FARLEY, CIPP/US, AIC Vice President - Cyber Risk Management Services, Risk Services Division John Farley is currently serving as a Vice President and Cyber Risk Consulting Practice Leader for HUB International s Risk Services Division. Headquartered in Chicago, IL. John is based in New York City and brings 24 years of risk consulting experience to the firm. While working at HUB International John has performed a variety of cyber risk consulting services for clients across many industries, including but not limited to personal cyber risks, Healthcare, Retail, Financial Services, Higher Education and Information Technology companies. He serves as a resource for pre-breach planning and post-data breach response in network security & privacy liability consulting. In this role he applies extensive knowledge in data breach response best practices and works diligently with clients to achieve optimal results in cost mitigation. John acts as a central coordinator between all parties involved - the client, insurance carriers, and any outsourced service provider hired, including, IT forensics experts, privacy attorneys, public relations firms, call center operators and other breach response service providers. John also facilitates online access to HUB International's e-risk Hub. This online database serves clients ongoing educational needs in the ever-changing network security and privacy risk environment. In addition, John provides client training that assists clients efforts in forecasting potential loss costs related to a network security event. He is a regular speaker at educational seminars on multiple network security and privacy liability challenges facing organizations today. Areas of focus are HIPAA, Payment Card Industry Data Security Standards, FERPA, government threat sharing initiatives, regulatory compliance and data breach notice requirements at the state, federal and international levels. John has a Bachelors of Arts degree in English and a minor in Business Management from Manhattan College. In addition, John is a Certified Information Privacy Professional (CIPP/US) and has received his Associate in Claims (AIC) designation. Page 14

15 ROSS ALBERT, CAMS Assistant Vice President - Organizational Resilience, Security Risk Management Specialist, Risk Services Division Ross Albert has 10 years of experience in public and private intelligence, corporate investigations, international security and risk management and is currently serving as the AVP for the Organizational Resilience Practice with HUB International. Ross is an industry leader in establishing intelligence led risk management programs and developing public-private intelligence cooperation Prior to joining HUB, Ross was an Anti-Money Laundering Analyst for K2 Intelligence, where he advised financial institutions on all aspects of anti-money laundering investigations, OFAC sanctions and regulatory compliance. As part his work with large multi-national banks, he was instrumental in a number of significant investigations including the FIFA corruption scandal. Through the development of analytical processes, programs, policies and plans he supported these financial institutions in identifying and reporting suspicious activity. Prior to joining K2, Ross was an International Security Intelligence Analyst for Rent-A-Center, Inc. based in Dallas. As their lead intelligence analyst, he served a key role protecting personnel and assets in over 200 locations in Mexico. Ross was responsible for threat and risk assessments on various markets in Mexico and Latin America, which were used to determine the strategic direction and support the corporate expansion in the region. In addition, Ross created and designed unique methods for the use of social media analytics as a real-time, early warning mechanism as part of an intelligence led security risk management program. He was a member of the corporate crisis team where he managed multiple critical incidents. He also worked closely with government agencies such as the US Department of State, the Department of Homeland Security and US Treasury Department s Office of Foreign Assets Control (OFAC). Previously, Ross held positions with the New Jersey Transit Police Intelligence Section and the New Jersey Office of Homeland Security and Preparedness where he provided investigative case support for law enforcement personnel, conducted open source research on terrorism intelligence issues and prepared daily intelligence briefs. He also previously worked at Morgan Stanley in their Private Wealth Management division, assisting in developing investment and financial analysis for high-net worth clients. Ross has published work on transnational crime in Latin America and terrorist financing. He is a Certified Anti- Money Laundering Specialist (CAMS) and is a member of the Overseas Security Advisory Council, DHS Fusion Center, Association of Certified Anti-Money Laundering Specialists and the New York Analysts Roundtable. He earned an M.A. in International Relations from Seton Hall University, specializing in Security Studies and Latin America. He holds a Professional Certificate in Global Affairs from New York University, and earned a B.A. in Political Science from the University of Michigan. Page 15